Red Alert 2.0, a Trojan that steals Android owners' personal data and contacts, can lift information from more than 60 banking and social media media apps, including Instagram, Union Bank and Wells Fargo. The malicious software can also block and record incoming phone calls from banks or financial organizations.

When someone using an infected device opens an app targeted by Red Alert 2.0, a fake overlay screen appears. If he enters his username and password, an error page pops up, sending the data to a server controlled by cybercriminals.

"Red Alert actors are regularly adding new functionality, such as blocking and logging incoming calls of banks, which could affect the process of fraud operation departments...that are calling users on their infected Android phone regarding potential malicious activity," said Amsterdam-based cybersecurity firm SfyLabs.

The malware was discovered in several third-party marketplaces with fraudulent apps like flash players and messengers.

Infected apps are becoming problematic for Android app developers and consumers. As of last spring, an estimated 1.3 to 1.4 billion people owned Android phones, which are easier to infiltrate than iOS-based devices. The Google-developed operating system is "more open and adaptable."

In 2016, SophosLabs processed more than 8.5 million suspicious Android applications, and more than 50 percent were a form of malicious software or adware.